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1 PROCEEDINGS 

2 ilPmP: P" progress] ~ Department of Veterans 

3 Affairs, Office of Inspector General. I'm in Austin, Texas. 

4 It's June the 7th, 2006, and with me today i^llHtf 
^flHB^^^ alsoJl^HHHjHPf the 

6 mimMWouid you raise your right hand, please. 

7 Do you swekr that the testimony you are about to give is the 

8 truth, the whole truth, and nothing but the truth? 

flHRHHr '^ swear, 
10 Whereupon, 

12 was called as a witness and, after having been first duly 

13 sworn, was examined and testified as follows: 

14 EXAMINATION 

1 6 Q |HBp'Oul<l you state your full name and 

1 7 position for die record? 

^^flHHIHHBHP '"^^^ ^'^ ^" specialist 

19 for Security Services Branch at the AAC. 

20 Q And how long have you worked here at this 

2 1 position? 

22 A Since January 2005. 
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1 Q Okay. And can you give me a brief overview of 

2 your duties? 

3 A I do system administration for something called 

4 the ACRS and Top Secret. We basically get requests through 

5 -- via -- via 9957's, and we have people do the system. 

6 We also do some of the auditing for our shop, and 

7 in general, it's just administrative duties that I have 

8 dealing with the it. 

9 Q Okay. And have you received a request to look 

10 into the access by an employes who may have been involved in 

1 1 an incident in which some data was taken from his home in 

12 the last month, Mr. Wayne Johnson? 

13 A I was asked to get some information, Mr. Wayne 

14 Johnson, access at the aac. 

15 Q Okay. Can you tell me about that? 

1 6 A Okay, On May 2 1 st, I was called at home from our 

1 7 service desk or help desk, stating that the deputy cio for 

18 the VBA needed some assistance. They give me a phone 

19 number. I proceed to caUSlll||||^and he explained that 

20 he needed to find out if Mr. Johnson had some access at the 

21 AAC, 

22 So I went ahead and told him I would call him 
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1 back. I called my supervisor to get. the okay. Once she 

2 gave me the okay, I calledHmPback and I told him, 

3 yes, I am going to go in and I am going to go ahead and see 

4 if he had access. 

5 Q And who is your supervisor? 

A Hjjjjjjjjjjjjjjjl^ 

7 Q Okay. What happened next? 

8 A So I came in to work, and then the first thing I 

9 did was just look into the system to find out if there was a 

10 Wayne Johnson that actually had a mainframe account. Once I 

1 1 find out that he did, I went ahead and put his account on 

12 suspense status, so no one could log in, and then I 

1 3 proceeded to take a look at the account and what access he 

14 had, and I also started mnning some of the logs that I am 

1 5 going to provide you with that show you when he logged into 

16 the system. 

17 Q Okay, 
118 A I '^^'''^BHHpnd I explained to him that, 

19 yes, this individual has access to the aac, i put die , 

20 account on hold, and I am running some logs for you, andX) 

21 then he told me at that point, you know, go ahead and 

22 continue to do that, I'll get back with you tomorrow 
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1 morning, and then we can go ahead and exchange that 

2 infomiation. 

3 Q Okay. So did you then provide him with some 

4 information? 

5 A Yes. The next day, I had all the logs ready, and 

6 I brought him with the copies, the same copies I'm going to 

7 give you today, and that was the extent of it. 

8 We had about 2 days of communication, He asked me 

9 for some information, for the logs first, and then he asked 

10 me for the 9957's as well, and I provided that on the second 

1 1 day. 

12 Q Did you have any e-mails going back and forth? 

13 A Yes, we did. 

14 Q And do you have copies? 

15 A I have copies of that for you too. 

1 6 Q Okay. So can you kind of go through, tell us the 

17 things Mr. Johnson had access to? 

18 A Well, I am -- I never worked with the data that he 

19 worked with. Okay? The extent of my job is to provide 

20 access to the functional task codes, and the functional task 

21 codes are like containers and, you know, for the data that 

22 he had access to. So I can see the description of what a 
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1 Q Sure. 

2 A This is a code assigned to his account, and this 

3 is the description of what that code is. 

4 Q So there's birls. fms, roscoe Remote, Survey of 

5 Veterans, and Nationwide SSN Data, ACRS Registration. 

6 There's a couple I didn't read. 

7 A Right. And ACRS Registration is just when the 

8 account got created. 

9 Q Okay. 

10 A So, for each one of those, then you would have to 

11 get a point of contact that can actually tell you 

12 information about what that, you know, functional task co 

13 what resources are given by that. 

14 Q And so who could -- would you be able to identify 

15 the point of contact for those? Is there -- how do you find 

16 that out? 

17 A Well, I can go into the system and see if there is 

1 8 a point -- point of contact for a functional task code. 

19 Okay? 

20 I know, f or example, that for this particular one, 

21 mHBlPM " I think he ~ I think he's right here 

22 at the AAC. He's the point of contact for that one. 
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1 functional task code is, and I can get an idea of what a 1 

2 functional task code is for, but I don't know what data is 2 

3 contained within it because I don't have the access to it. 3 

4 So-- 4 

5 Q Okay. Is there someone that could tell us, based 5 

6 on the information that you've provided, what information is 6 

7 contained in that? 7 
8 . A It would depend on what functional task codes. He 8 
9 had access to several of them. One of them, for example, 9 

10 was for FMS. so the person that deals with FMS data would 10 

1 1 have to go ahead and take a look at that. 1 1 

12 He had also had access to something called 12 

13 "BIRLS." 13 

14 Q Uh-huh. 14 

15 A And then the point of contact with birls would 15 

16 have to be the one that give you more details on what that 16 

17 is all about. 17 

18 Q Did he have any access to something called a "Comp 18 

19 and Pension Master Record" or a "Comp and Pension Mini 19 

20 Master Record"? 20 

21 A Not from what I can see. See, as you can see 21 

22 here, this is what I meant by a functional task code. 22 
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For FMS, that would be 
VACO. okay? 

For the rest of them, I would have to take a look 
at each functional task code and find out who the point of 
contact is for that. 

Q Okay. And why don't you describe what these 
documents are that you have for us today. 

A Okay, What I have is a snapshot of two different 
type of accounts. Okay? They're all tied in together, and 
the first - the first account is what we call the ACRS 
account. That stands for Automated Customer Registration 
System, and that's just like a front end to the mainframe. 
We run multiple applications on the mainframe, and that ju: 
allows us to be able to enter new customers, modify their 
access, delete their access, et cetera, but in reality, on 
the mainframe, there is something called the "Top Secret 
account." That's the one that's really handling the 
interaction with the mainframe, and I have a snapshot of 
both, the ACRS account and the Top Secret account. Okay? 
So this is what these copies are 
Q Okay. 
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A In addition to that, I also have copies of the ^^ 
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1 last two 9957 ' s that were submitted to the AAC requesting 

2 access for this individual, and this one dates back to 

3 3/24/2006, and the previous one was, what, 9/28/2005, but 

4 these are not all the 9957's. TTiese are just the ones I was 

5 requested to provide, 

6 Q Sure. 

7 A Okay. I also have copies of all the e-mails 

8 between myself andUHfat the vba, and I also -- 

9 between myself an d mostly fro m myself to several point of 

10 contacts. Because ■■|||^idn'( ^^ve PKI, I asked him 

1 1 that I need to send that information via PKI. so he gave me 

12 two different point of contacts, and I submitted copies of 

1 3 all these documents that you see here to those individuals. 

14 Q Okay. 

15 A So those are the e-mails. 

1 6 I also have copies of the system logs that I was 

17 asked to pull. I have from January to May, and these system 

18 logs are going to show just when Mr. Johnson logged into the 

19 system. 

20 The system does not keep track of exactly what was 

2 1 touched by Mr. Johnson, just when he logged in, he logged 

22 out, if it was a successful log-in. If he had problems 
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1 A No. I kept my supervisor ~ other than keeping my 

2 supervisor and the big boss for the section abreast of the 

3 fact that - 

4 Q Who is the big boss for the section? 

A HHVp^]' 

6 Q Okay. 

7 A I just let them both know that, you know - well, 

g flMHpcnew I was coming in, and when I got here, jm 

9 was working that weekend. So I explained to him why I Wi 

10 in to work and that I was just doing some security incident 

11 investigation. So that was it, just those two. 

12 Q Okay. Has there been anything that we have talked 

1 3 about today that you would like to add to or clarify? 

14 A Ican'tthink of anything at this point. 
Okay, Then we will end your testimony. 

I have a question. 
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1 logging in, that would show it in here top, but other than 

2 that, it's not going to show us any details as to what 

3 datasets or what - 

4 Q Sure. 

5 A -- functional task codes he had access to. Only 

6 as you put an added attribute on an account to begin with, 

7 you are not going to get that type of information, and that 

8 is the extent of what I have here. 

9 Q And how far back do the access logs go that you 

10 pulled for us? 

11 A I pulled until January, so the entire month of 

12 January. 
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Q Of '06? 


14 


A Right. 


15 


Q Okay. 


16 
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[ Dp you have any questions? 
s'o. I don't believe so. 

1 9 Q Okay. And you mentioned that you provided this 

20 information to|^||i| Have you had any contacts with 

2 1 any other employees at the Office of Automation Center 

22 concerning this information? 
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16 
17 
18 

19 _^_ 

20 q'^nd I don't know if ~ if this is under your 

21 purview. Is it the functional task code responsibility to 

22 - which gives the user access to a specific dataset name, 

Page 

1 as in like if they have — like we have access to lOA 

2 prod-dot [ph], text-dot, whatever dataset name. Some people 

3 have MDP, whatever access. Some people have RLS-dot-Access. 

4 Does that come from the functional task code? 

5 A Yes, ma'am. What happens is that the user can get 

6 access in a couple of ways. One is through a functional 

7 task code that is assigned through the acrs, and the 

8 fiinctional task code is just a pointer to the resources, 

9 datasets, facilities, datasets like MDPU or, you know, SSN 

1 or whatever the case is. 

1 1 And then within the functional task code for each 

1 2 one of those datasets, there is going to be permissions for 

1 3 each one of them. So it could be just read access. You 

1 4 could have a non-functional task code that is update access 

15 to that dataset. Okay? So depending on which dataset it 

16 is. 

17 And then the user can also get direct access to a 

18 dataset if we enter that information directly into their Top 

19 Secret account. So we don't use the interface. We just 

20 directly assign a dataset, and this individual, there's a \y^ 

21 couple of examples here. K/AC/ 

22 He had read access to a couple of datasets that 
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1 were given to him. like this 9-9-7, and that was a direct 
entry into it. So there is no functional task code given 
then. Everything else, he was getting through a functional 

task code. 
Q Okay. 

A Does that answer your question? 
Q Yes, it does. Thank you. 
m/KK/m All right. We are going to end your 

testimony, then. 

[Whereupon, the sworn testimony o( 

11 concluded.] 
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